How to Install and Configure a Cache-Only DNS Server with Unbound on RHEL/CentOS 7


This article sets up a caching name server using 'Unbound', a validating, recursive, and caching DNS server. Back in RHEL/CentOS 6.x (where x is the version number), we used the bind software to configure DNS servers.

In this article, we are going to use the 'unbound' caching software to install and configure a DNS server on RHEL/CentOS 7 systems.

DNS cache servers are used to resolve any DNS query they receive. If the server caches a query and a client later requests the same query, the answer is delivered from the DNS 'unbound' cache, which can be done in milliseconds, faster than the first time it was resolved.

The caching server acts only as an agent that resolves the client's query through one of the forwarders. Using a caching server reduces the loading time of web pages by keeping the cache database on the unbound server.

For demonstration purposes, I will be using two systems. The first system will act as the Master (Primary) DNS server and the second system will act as a local DNS client.

DNS server:
Operating System   :    CentOS Linux release 7.0.1406 (Core)
IP Address         :    192.168.0.50
Host-name          :    ns.tecmintlocal.com

DNS client:
Operating System   :    CentOS 6
IP Address         :    192.168.0.100
Host-name          :    client.tecmintlocal.com

Step 1: Check System Hostname and IP

1. Before setting up a caching DNS server, make sure that you have added the correct hostname and configured the correct static IP address for your system; if the static IP address is not set, set it.

2. After setting the correct hostname and static IP address, you can verify them with the following commands.

# hostnamectl
# ip addr show | grep inet

Step 2: Install and Configure Unbound

3. Before installing the 'Unbound' package, we must update our system to the latest version; after that, we can install the unbound package.

# yum update -y
# yum install unbound -y

4. After the package has been installed, make a copy of the unbound configuration file before making any changes to the original file.

# cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.original

5. Next, use any of your favorite text editors to open and edit the 'unbound.conf' configuration file.

# vim /etc/unbound/unbound.conf

Once the file is opened for editing, make the following changes:

Search for interface and enable the interface we are going to use; if our server has multiple interfaces, we have to enable interface 0.0.0.0.

Here our server IP is 192.168.0.50, so I am going to use unbound on this interface.

interface: 192.168.0.50

Search for the following strings and set them to 'yes'.

do-ip4: yes
do-udp: yes
do-tcp: yes

To enable the log, add the variable as below; it will log every unbound activity.

logfile: /var/log/unbound

Enable the following parameter to hide id.server and hostname.bind queries.

hide-identity: yes

Enable the following parameter to hide version.server and version.bind queries.

hide-version: yes

Then search for access-control and set it to allow. This defines which clients are allowed to query this unbound server.

Here I have used 0.0.0.0, which means anyone can send queries to this server. If we need to refuse queries from some range of networks, we can define which networks should be refused from unbound queries.

access-control: 0.0.0.0/0 allow

Note: Instead of allow, we can use allow_snoop, which enables some additional parameters like dig and supports both recursive and non-recursive queries.

Then search for domain-insecure. If our domain works with DNSSEC keys, we need to define our server as available for domain-insecure. Here our domain will be treated as insecure.

domain-insecure: "tecmintlocal.com"

Then change the forwarders: a requested query that this server cannot fulfil is forwarded for the root domain (.) and resolved there.

forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4

Finally, save and quit the configuration file using wq!.

6. After making the above configuration, verify the unbound.conf file for any errors using the following command.

# unbound-checkconf /etc/unbound/unbound.conf
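
unbound-checkconf reports errors in the file, but a file that passes can still answer queries from any network, as the access-control line set above does. The shell function below is an added example, not part of the original article: it flags the exposure-related settings from step 5 (catch-all access-control, allow_snoop, listening on 0.0.0.0, identity and version hiding). The name audit_unbound_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_unbound_conf FILE: print one finding per line for settings that
# expose the resolver; exit status 0 = no findings, 1 = findings.
audit_unbound_conf() {
    awk '
        function flag(msg) { print msg; n++ }
        # Drop comments and surrounding whitespace before matching.
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        $1 == "access-control:" {
            # An allow action on a catch-all prefix makes an open resolver.
            if (($2 == "0.0.0.0/0" || $2 == "::/0") && $3 ~ /^allow/)
                flag("OPEN-RESOLVER: access-control " $2 " " $3)
            # allow_snoop also answers non-recursive (cache-probing) queries.
            if ($3 == "allow_snoop")
                flag("CACHE-SNOOP: access-control " $2 " " $3)
        }
        $1 == "interface:" && ($2 == "0.0.0.0" || $2 == "::0") {
            flag("LISTEN-ALL: interface " $2)
        }
        $1 == "hide-identity:" { ident = $2 }
        $1 == "hide-version:"  { ver = $2 }
        END {
            if (ident != "yes") flag("IDENTITY: hide-identity is not yes")
            if (ver != "yes")   flag("VERSION: hide-version is not yes")
            exit (n > 0)
        }
    ' "$1"
}

# Constructed sample using the values this tutorial sets.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server:
    interface: 192.168.0.50
    hide-identity: yes
    hide-version: yes
    access-control: 0.0.0.0/0 allow   # any client may recurse
EOF
audit_unbound_conf "$sample" || echo "findings above need review"
rm -f "$sample"
```

Replacing the catch-all entry with the client network (for this setup, access-control: 192.168.0.0/24 allow) clears the OPEN-RESOLVER finding.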

7. Once the file verification finishes without any errors, you can safely start the 'unbound' service and enable it at system startup.

# systemctl start unbound.service
# systemctl enable unbound.service

Step 3: Test the DNS Cache Locally

8. Now it is time to check our DNS cache by running a 'drill' (query) against the 'india.com' domain. The first 'drill' for 'india.com' will take some milliseconds; then run a second drill and note the query time each of the two takes.

# drill india.com @192.168.0.50

In the output, the first query took almost 262 msec to resolve and the second query took 0 msec to resolve the domain (india.com).

That means the first query was cached in our DNS cache, so when we run 'drill' a second time the query is served from our local DNS cache; this way we can improve the loading speed of websites.

Step 4: Flush Iptables and Add Firewalld Rules

9. We cannot use both iptables and firewalld at the same time on the same machine; if we do, the two will conflict with each other, so removing the iptables rules is a good idea. To remove or flush the iptables rules, use the following command.

# iptables -F

10. After removing the iptables rules, add the DNS service to the firewalld list permanently.

# firewall-cmd --add-service=dns
# firewall-cmd --add-service=dns --permanent

11. After adding the DNS service rules, list the rules and confirm.

# firewall-cmd --list-all

Step 5: Managing and Troubleshooting Unbound

12. To get the current server status, use the following command.

# unbound-control status

13. If you would like to dump the DNS cache information to a text file, you can redirect it to a file with the command below for future use.

# unbound-control dump_cache > /tmp/DNS_cache.txt

14. To restore or import the cache from the dumped file, you can use the following command.

# unbound-control load_cache < /tmp/DNS_cache.txt

15. To check whether a specific address was resolved by our forwarders in the unbound cache server, use the command below.

# unbound-control lookup google.com

16. Sometimes, if our DNS cache server does not reply to our query, we can flush the cache to remove information such as A, AAAA, NS, SOA, CNAME, MX, PTR, etc. records from the DNS cache. We can remove all information using flush_zone, which removes all of it.

# unbound-control flush linux-console.net
# unbound-control flush_zone tecmintlocal.com

17. To check which forwards are currently used for resolving.

# unbound-control list_forwards

Step 6: Client-Side DNS Configuration

18. Here I have used a CentOS 6 server as my client machine. The IP for this machine is 192.168.0.100, and I am going to use my unbound DNS server IP (i.e. the Primary DNS) in its interface configuration.

Log in to the client machine and set the Primary DNS server IP to the IP of our unbound server.

Run the setup command and choose network configuration from the TUI network manager.

Then choose DNS configuration and insert the unbound DNS server's IP as Primary DNS. Here I have used it as both Primary and Secondary, because I do not have any other DNS server.

Primary DNS	: 192.168.0.50
Secondary DNS	: 192.168.0.50

Press OK -> Save&Quit -> Quit.

19. After adding the Primary and Secondary DNS IP addresses, it is time to restart the network using the following command.

# /etc/init.d/network restart

20. Now it is time to access any website from the client machine and check for the cache on the unbound DNS server.

# elinks aol.com
# dig aol.com

Conclusion

Earlier, we used to set up a DNS cache server using the bind package on RHEL and CentOS systems. Now we have seen how to set up a DNS cache server using the unbound package. I hope this will resolve your query requests quicker than the bind package.